To address the insecurity of computer architectures and fundamentally improve the trustworthiness of computers, the industry organized the Trusted Computing Platform Alliance (TCPA). The TCPA defined a trusted platform module (TPM) providing secure storage and encryption functions. In March 2003, the TCPA was reorganized into the Trusted Computing Group (TCG).
The TCG defines “trusted” as follows: an entity is trusted if, when pursuing a given objective, its behavior is always the same as expected.
The main methods of trusted computing are identity verification, storage protection by means of encryption, and integrity protection by means of integrity measurement. The basic idea is to first establish a root of trust in the computer system and then build a chain of trust from it: each level measures and authenticates the next level, and each level trusts the next, so that the trust relationship extends to the entire computer system and the system as a whole can be regarded as trusted.

Specifically, the TPM chip first measures the integrity of the current underlying firmware; if the measurement result is correct, normal system initialization is completed. The underlying firmware then measures the integrity of the basic input/output system (BIOS). If that measurement is correct, the BIOS goes on to measure the integrity of the operating system, and if that measurement is correct, the operating system runs normally; otherwise execution is stopped. Afterwards, the operating system measures applications and any new operating system components. Once the operating system has started, the user decides whether to continue to trust this system platform. In this way, the trustworthiness of the system platform is ensured by the process of establishing a chain of trust.
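The following Python program is an added illustration of the chain-of-trust procedure above; it is not code from the original document. It simulates the boot sequence firmware → BIOS → operating system → application: each stage's image is hashed, the hash is folded into a TPM-style platform configuration register (PCR) using the extend operation H(old PCR || measurement), and the resulting register value is compared against an expected ("golden") value before control passes to that stage. The component images and golden values are constructed sample data, and the stage names, image contents and the `boot` helper are assumptions made for the example. A mismatch anywhere in the chain halts the boot at that stage, which is the behavior the text describes.

```python
"""Toy simulation of a boot-time trust chain with TPM-style measurement.

Each stage measures (hashes) the next component, extends the measurement into
a PCR-like register, and compares the register against an expected value.
On mismatch the chain halts. All images and golden values are constructed
sample data, not real firmware.
"""
import hashlib


def measure(image: bytes) -> bytes:
    """Measurement of a component = SHA-256 digest of its image."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || measurement).

    Because every later value depends on every earlier one, altering any
    component changes all subsequent register values as well.
    """
    return hashlib.sha256(pcr + measurement).digest()


# Constructed images standing in for real firmware/BIOS/OS/application binaries.
GOOD_CHAIN = [
    ("firmware", b"firmware v1.0"),
    ("bios", b"BIOS v2.3"),
    ("os", b"kernel 5.10"),
    ("app", b"application 1.2"),
]


def golden_pcrs(chain):
    """Expected PCR value after each stage, computed from a known-good chain.

    Returns a dict mapping stage name -> expected 32-byte register value.
    """
    pcr = bytes(32)  # register starts at all zeros, as a TPM PCR does at reset
    expected = {}
    for name, image in chain:
        pcr = extend(pcr, measure(image))
        expected[name] = pcr
    return expected


GOLDEN = golden_pcrs(GOOD_CHAIN)


def boot(chain, golden=GOLDEN):
    """Walk the chain, measuring each component before handing control to it.

    Returns (ok, stages_run): ok is True only if every stage verified;
    stages_run lists the stages that passed verification and were executed.
    """
    pcr = bytes(32)
    stages_run = []
    for name, image in chain:
        pcr = extend(pcr, measure(image))
        if pcr != golden.get(name):
            # Measurement mismatch: stop here rather than run an untrusted stage.
            return False, stages_run
        stages_run.append(name)
    return True, stages_run


if __name__ == "__main__":
    print("untampered boot:", boot(GOOD_CHAIN))
    tampered = list(GOOD_CHAIN)
    tampered[1] = ("bios", b"BIOS v2.3 (modified)")  # constructed altered image
    print("modified BIOS:", boot(tampered))
```

Running the script shows the untampered chain completing all four stages, while the chain with a modified BIOS image stops after the firmware stage: the BIOS measurement no longer matches its golden value, so neither the operating system nor the application is ever started.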
However, the foregoing trusted measurement method can be executed only during the start-up process of the system. Once start-up is complete, software may be maliciously tampered with, and without a method for trusted measurement at that stage the system cannot be ensured to be trusted.